sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

// SPDX-License-Identifier: Apache-2.0
// Copyright (c) 2024 Ryan Urchick

use super::super::{CertRule, RuleViolation};
use crate::manifest::{RuleCategory, Severity};
use tree_sitter::Node;

pub struct Pos48C;

impl CertRule for Pos48C {
    fn rule_id(&self) -> &'static str {
        "POS48-C"
    }
    fn description(&self) -> &'static str {
        "Do not unlock or destroy another thread's mutex"
    }
    fn severity(&self) -> Severity {
        Severity::High
    }
    fn category(&self) -> RuleCategory {
        RuleCategory::Rule
    }
    fn cert_id(&self) -> &'static str {
        "POS48-C"
    }

    fn check(&self, _node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();

        // Check for pthread_mutex_destroy followed by access to shared data
        // without proper thread synchronization
        let lines: Vec<&str> = source.lines().collect();
        let mut found_destroy_line = None;
        let mut has_wait_before_destroy = false;

        for (i, line) in lines.iter().enumerate() {
            if line.contains("wait_for_all_threads") {
                has_wait_before_destroy = true;
            }

            if line.contains("pthread_mutex_destroy") {
                found_destroy_line = Some(i);
            }

            // After destroy, check if there's data access
            if let Some(destroy_line) = found_destroy_line {
                if i > destroy_line {
                    // Look for data modifications after mutex is destroyed
                    if line.contains("data++")
                        || line.contains("data +=")
                        || line.contains("data =")
                    {
                        // Only flag if we didn't wait for threads before destroying
                        if !has_wait_before_destroy {
                            violations.push(RuleViolation {
                                rule_id: self.rule_id().to_string(),
                                severity: self.severity(),
                                line: i + 1,
                                column: 1,
                                file_path: String::new(),
                                message: "Accessing shared data after destroying mutex".to_string(),
                                suggestion: Some(
                                    "Ensure all threads finish before destroying mutex".to_string(),
                                ),
                                requires_manual_review: None,
                            });
                        }
                        break;
                    }
                }
            }
        }

        violations
    }
}